Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for generating dynamic rules for a firewall policy, the method comprising: applying, by a computing device, a plurality of drop rules to a plurality of packets received at a network interface, wherein the plurality of drop rules are sequentially arranged and determine at least one of allowance and dropping of a packet of the plurality of packets based on a tracking information; generating, by the computing device, a unique drop rule for dropping a set of packets from the plurality of packets based on an implicit deny rule, wherein the implicit deny rule determines a drop for each of the plurality of packets; and determining, by the computing device, a sequence for the unique drop rule in the plurality of drop rules based on dropping of the set of packets.
2. The method of claim 1 , wherein the network interface is an ingress interface at a communication network.
3. The method of claim 1 , wherein the tracking information includes source or destination IP addresses of the plurality of packets.
4. The method of claim 1 , wherein the tracking information includes source or destination port of the plurality of packets.
5. The method of claim 1 , wherein the implicit deny rule comprises dropping of the plurality of packets based on implicitly denied tracking information.
6. The method of claim 1 , wherein the plurality of drop rules are sequentially arranged based on a priority position of each drop rule from the plurality of drop rules.
7. The method of claim 1 , wherein determining the sequence for the unique drop rule comprises: analyzing the set of packets in response to the dropping; determining a hit count of the set of packets; and positioning the unique drop rule based on a higher hit count value amongst the plurality of drop rules.
8. The method of claim 1 further comprises: determining a buffer value to hold the set of packets based on positioning of the unique drop rule; configuring a timeout period for installation of the unique drop rule amongst the plurality of drop rules; and deploying the unique drop rule based on the buffer value and the timeout period.
9. A system for generating dynamic rules for a firewall policy, the system comprising: a network interface; a processor coupled to the network interface; a memory communicatively coupled to the processor and having processor instructions stored thereon, causing the processor, on execution to: apply a plurality of drop rules to a plurality of packets received at a network interface, wherein the plurality of drop rules are sequentially arranged and determine at least one of allowance and dropping of a packet of the plurality of packets based on a tracking information; generate a unique drop rule for dropping a set of packets from the plurality of packets based on an implicit deny rule, wherein the implicit deny rule determines an drop for each of the plurality of packets; and determine a sequence for the unique drop rule in the plurality of drop rules based on dropping of the set of packets.
10. The system of claim 9 , wherein the network interface is an ingress interface at a communication network.
11. The system of claim 9 , wherein the tracking information includes source or destination IP addresses of the plurality of packets.
12. The system of claim 9 , wherein the tracking information includes source or destination port of the plurality of packets.
13. The system of claim 9 , wherein the implicit deny rule comprises dropping of the plurality of packets based on implicitly denied tracking information.
14. The system of claim 9 , wherein the plurality of drop rules are sequentially arranged based on a priority position of each drop rule from the plurality of drop rules.
15. The system of claim 9 , wherein to determining the sequence for the unique drop rule, the processor instruction are further configured to: analyze the set of packets in response to the dropping; determine a hit count of the set of packets; and position the unique drop rule based on a higher hit count value amongst the plurality of drop rules.
16. The system of claim 9 , wherein the processor instructions further cause the processor to: determine a buffer value to hold the set of packets based on positioning of the unique drop rule; configure a timeout period for installation of the unique drop rule amongst the plurality of drop rules; and deploy the unique drop rule based on the buffer value and the timeout period.
17. A non-transitory computer-readable storage medium comprising a set of computer executable instructions causing a system for generating dynamic rules for a firewall policy that includes one or more processors to perform steps including: applying a plurality of drop rules to a plurality of packets received at a network interface, wherein the plurality of drop rules are sequentially arranged and determine at least one of allowance and dropping of a packet of the plurality of packets based on a tracking information; generating unique drop rule for dropping a set of packets from the plurality of packets based on an implicit deny rule, wherein the implicit deny rule determines a drop for each of the plurality of packets; and determining a sequence for the unique drop rule in the plurality of drop rules based on dropping of the set of packets.
Unknown
June 16, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.